From 71392a73a563e9610981ce0baf4742b3a01a53d7 Mon Sep 17 00:00:00 2001
From: shish
Date: Fri, 27 Apr 2007 18:14:38 +0000
Subject: [PATCH] be more strict about allowed comparisons

git-svn-id: file:///home/shish/svn/shimmie2/trunk@19 7f39781d-f577-437e-ae19-be835c7a54ca
---
 core/database.class.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/database.class.php b/core/database.class.php
index d98d8f4d..89b3aec5 100644
--- a/core/database.class.php
+++ b/core/database.class.php
@@ -93,17 +93,17 @@ class Database {
 $term = $this->resolve_alias($term);
 $matches = array();
- if(preg_match("/size([><=]+)(\d+)x(\d+)/", $term, $matches)) {
+ if(preg_match("/size(<|>|<=|>=|=)(\d+)x(\d+)/", $term, $matches)) {
 $cmp = $matches[1];
 $args = array(int_escape($matches[2]), int_escape($matches[3]));
 $img_search->append(new Querylet("AND (width $cmp ? AND height $cmp ?)", $args));
 }
- else if(preg_match("/ratio([><=]+)(\d+):(\d+)/", $term, $matches)) {
+ else if(preg_match("/ratio(<|>|<=|>=|=)(\d+):(\d+)/", $term, $matches)) {
 $cmp = $matches[1];
 $args = array(int_escape($matches[2]), int_escape($matches[3]));
 $img_search->append(new Querylet("AND (width / height $cmp ? / ?)", $args));
 }
- else if(preg_match("/(filesize|id)([><=]+)([\dKMGB]+)/i", $term, $matches)) {
+ else if(preg_match("/(filesize|id)(<|>|<=|>=|=)([\dKMGB]+)/i", $term, $matches)) {
 $col = $matches[1];
 $cmp = $matches[2];
 $val = parse_shorthand_int($matches[3]);
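Review bot: The three new patterns are still unanchored, so the operator whitelist constrains only the captured group and not the term as a whole: a tag that merely contains `id>3` or `size=1x1` as a substring is taken as a filter, and anything trailing the match is silently dropped. Since `$cmp` is interpolated into the Querylet SQL text rather than bound, the regex is the only validation it gets, so anchoring each pattern would make that guarantee explicit, e.g. `preg_match("/^size(<=|>=|<|>|=)(\d+)x(\d+)$/", $term, $matches)`. In the third pattern the `/i` flag also lets `$col` arrive in any letter case; if it is placed into SQL further down (not visible here), normalising it with `strtolower()` would be safer. The enclosing method starts and ends outside the hunk.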